From owner-freebsd-security Fri Jan 21 9:42:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.servercom.com (mail.servercom.com [198.76.116.6]) by hub.freebsd.org (Postfix) with ESMTP id EF5D215546 for ; Fri, 21 Jan 2000 09:42:24 -0800 (PST) (envelope-from yardley@uiuc.edu) Received: from liquid (wake-gw.wakeland.servercom.com [198.88.186.1]) by mail.servercom.com (Post.Office MTA v3.5.3 release 223 ID# 0-57662U1200L100S0V35) with ESMTP id com; Fri, 21 Jan 2000 11:40:11 -0600 Message-Id: <4.2.0.58.20000121113943.012a8f10@students.uiuc.edu> X-Sender: yardley@students.uiuc.edu X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 21 Jan 2000 11:42:24 -0600 To: news@technotronic.com, bugtraq@securityfocus.com, freebsd-security@FreeBSD.ORG From: Tim Yardley Subject: Re: explanation and code for stream.c issues In-Reply-To: <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:25 AM 1/21/2000, Tim Yardley wrote: >stream.c issues > >--------------------------------------------------- >:: temp remedy (exec summary) >--------------------------------------------------- > >If you use ipfilter... > >-- start rule set -- >block in quick proto tcp from any to any head 100 >pass in quick proto tcp from any to any flags S keep state group 100 >pass in all >-- end rule set -- > >That will help you "stop" the attack, although it will still use some CPU >though > >Note: If you use IPFW, there is no immediate way to solve this problem due >to the fact that it is a stateless firewall. If you are getting attacked, >then temporarily use ipfilter to stop it. > >Otherwise, wait for vendor patches. > >FreeBSD "unofficial patch" by Alfred Perlstein: >http://www.freebsd.org/~alfred/tcp_fix.diff >-- start stream.c -- > packet.tcp.th_flags = 0; change this to a little different effect: packet.tcp.th_flags = TH_ACK; /tmy -- Diving into infinity my consciousness expands in inverse proportion to my distance from singularity +-------- ------- ------ ----- ---- --- -- ------ --------+ | Tim Yardley (yardley@uiuc.edu) | http://www.students.uiuc.edu/~yardley/ +-------- ------- ------ ----- ---- --- -- ------ --------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message